Lucene search

3726 matches found

CVE
added 2024/05/04 3:31 a.m. · 59 views

CVE-2024-3240

CVE-2024-3240 affects the ConvertPlug (ConvertPlus) WordPress plugin up to version 3.5.25. It allows authenticated users with Contributor+ access to trigger a PHP Object Injection via deserialization of untrusted data in the shortcodes’ settings_encoded attribute of the smile_info_bar element, pot...

CVSS 8.8 · AI score 7 · EPSS 0.00769
Exploits 0 · References 2
Positive Technologies
added 2024/05/04 12:0 a.m. · 2 views

PT-2024-24548 · WordPress · Convertplug

Name of the Vulnerable Software and Affected Versions: ConvertPlug plugin for WordPress versions up to, and including, 3.5.25 Description: The issue concerns PHP Object Injection via deserialization of untrusted input from the settings encoded attribute of the "smile info bar" shortcode. This...

CVSS 8.8 · AI score 7.4 · EPSS 0.00769
Exploits 0 · References 5
Patchstack
added 2024/05/03 12:0 a.m. · 11 views

WordPress Last Viewed Posts by WPBeginner Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software: Last Viewed Posts by WPBeginner; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.0.1; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-3070; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 1e1e21bf8373; Credits: Francesco Carlucci; Requir...

CVSS 9.8 · AI score 6.8 · EPSS 0.01158
Exploits 0 · References 3 · Affected Software 1
NVD
added 2024/05/02 5:15 p.m. · 8 views

CVE-2024-1896

The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.2 via deserialization via shortcode of untrusted input from the 'awl_lg_settings_'...

CVSS 7.5 · AI score 7.8 · EPSS 0.00912
Exploits 0 · References 3
OSV
added 2024/05/02 5:15 p.m. · 3 views

CVE-2023-7064

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possibl...

CVSS 7.5 · AI score 6 · EPSS 0.00869
Exploits 0 · References 2
ATTACKERKB
added 2024/05/02 5:15 p.m. · 2 views

CVE-2023-7064

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possibl...

CVSS 7.5 · AI score 6 · EPSS 0.00869
Exploits 0 · References 3
NVD
added 2024/05/02 5:15 p.m. · 16 views

CVE-2023-7064

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possibl...

CVSS 7.5 · AI score 7.7 · EPSS 0.00869
Exploits 0 · References 5
Vulnrichment
added 2024/05/02 4:52 p.m. · 7 views

CVE-2023-7064 Shortcodes and extra features for Phlox theme <= 2.17.5 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possibl...

CVSS 7.5 · AI score 6.1 · EPSS 0.00869
Exploits 0 · References 5
CVE
added 2024/05/02 4:52 p.m. · 71 views

CVE-2023-7064

The CVE-2023-7064 entry concerns the WordPress plugin Shortcodes and extra features for Phlox theme (auxin-elements). It describes a PHP Object Injection vulnerability via deserialization of untrusted input from the vulnerable id parameter in the function auxin_template_control_importer, affectin...

CVSS 7.5 · AI score 6.1 · EPSS 0.00869
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2024/05/02 4:52 p.m. · 24 views

CVE-2023-7064 Shortcodes and extra features for Phlox theme <= 2.17.5 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possibl...

CVSS 7.5 · AI score 7.8 · EPSS 0.00869
Exploits 0 · References 5
Vulnrichment
added 2024/05/02 4:51 p.m. · 18 views

CVE-2024-1897 Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode

The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input from the awl_gg_settings_ meta value. This makes it possible for authenticated attackers, with...

CVSS 7.5 · AI score 6.1 · EPSS 0.00868
Exploits 0 · References 3
Cvelist
added 2024/05/02 4:51 p.m. · 16 views

CVE-2024-1897 Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode

The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input from the awl_gg_settings_ meta value. This makes it possible for authenticated attackers, with...

CVSS 7.5 · AI score 8 · EPSS 0.00868
Exploits 0 · References 3
CVE
added 2024/05/02 4:51 p.m. · 57 views

CVE-2024-1897

CVE-2024-1897 affects the Grid Gallery – Photo Image Grid Gallery WordPress plugin (≤ 1.4.3). It allows PHP Object Injection via deserialization of untrusted input from the awl_gg_settings_ meta value, enabling authenticated attackers with Contributor+ rights to inject a PHP object. The vulnerabi...

CVSS 7.5 · AI score 8.1 · EPSS 0.00868
Exploits 0 · References 3
Vulnrichment
added 2024/05/02 4:51 p.m. · 9 views

CVE-2024-1896 Photo Gallery <= 1.4.2 - Authenticated (Contributor+) PHP Object Injection via Shortcode

The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.2 via deserialization via shortcode of untrusted input from the 'awl_lg_settings_'...

CVSS 7.5 · AI score 6.1 · EPSS 0.00912
Exploits 0 · References 3
Cvelist
added 2024/05/02 4:51 p.m. · 16 views

CVE-2024-1896 Photo Gallery <= 1.4.2 - Authenticated (Contributor+) PHP Object Injection via Shortcode

The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.2 via deserialization via shortcode of untrusted input from the 'awl_lg_settings_'...

CVSS 7.5 · AI score 8 · EPSS 0.00912
Exploits 0 · References 3
CVE
added 2024/05/02 4:51 p.m. · 51 views

CVE-2024-1896

CVE-2024-1896 affects the WordPress plugin Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery. It allows PHP Object Injection via deserialization of untrusted input in the shortcode attribute awl_lg_settings_ for versions up to 1.4.1. An auth...

CVSS 7.5 · AI score 6.1 · EPSS 0.00912
Exploits 0 · References 3
WPVulnDB
added 2024/05/02 12:0 a.m. · 19 views

Last Viewed Posts by WPBeginner < 1.0.1 - Unauthenticated PHP Object Injection

Description The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Objec...

CVSS 9.8 · AI score 7.7 · EPSS 0.01158
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/05/02 12:0 a.m. · 3 views

WordPress plugin Shortcodes and extra features for Phlox theme security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00869
Exploits 0 · References 3
CNNVD
added 2024/05/02 12:0 a.m. · 2 views

WordPress plugin Photo Gallery security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 7.5 · AI score 7 · EPSS 0.00912
Exploits 0 · References 3
Positive Technologies
added 2024/05/02 12:0 a.m. · 2 views

PT-2024-18403 · WordPress · The Photo Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress versions up to, and including, 1.4.1 Description: The issue allows authenticated attackers with contributor...

CVSS 7.5 · AI score 7.5 · EPSS 0.00912
Exploits 0 · References 5